Cybercrime In South Africa and the benefits of public private partnerships
1. CYBER CRIME IN SOUTH AFRICA
CYBER CRIME IN SOUTH AFRICA:
INVESTIGATING AND
PROSECUTING CYBER CRIME
AND THE BENEFITS
OF
PUBLIC-PRIVATE PARTNERSHIPS*
ADV JACQUELINE FICK
SENIOR MANAGER: ADVISORY
RISK AND COMPLIANCE MANAGEMENT
PWC SOUTHERN AFRICA
MARCH 2009
*connectedthinking
2. EXECUTIVE SUMMARY
With the advent of advanced technology has come a new breed of criminals:
criminals who are well-organised, well-resourced and have technological savvy.
These cyber criminals commit their crimes with great speed, in an environment of
cyber-anonymity and in most instances, in multiple legal jurisdictions.
Traditional criminals are turning away from crime such as cash-in-transit robberies to
an easy and well-paying life of cyber crime, which offers far greater rewards for less
risk.
Law enforcement agencies are left playing catch-up with criminals. Traditional law
enforcement tools, methodologies and disciplines do not successfully address the
detection, investigation and prosecution of cyber crime. This type of crime calls for a
pro-active approach, for timely international cooperation, and for effective public-
private partnerships to ensure the upper-hand over criminals.
This paper aims to provide a broad overview of the South African legal context
governing cyber crime, practical examples of cyber investigations and the benefits of
public-private partnerships to the prevention, detection and prosecution of cyber
crime in South Africa.
i
3. TABLE OF CONTENTS
Executive Summary ............................................................................................... I
Introduction ............................................................................................................. 2
Legislative framework governing cyber crime in South Africa .................... 3
Introduction ........................................................................................................ 3
Definitions relating to cyber law.......................................................................... 4
Categories of cyber crime .................................................................................. 5
Specific provisions of the ECT Act ..................................................................... 7
Unauthorised access (section 86(1)) ............................................................ 7
Unauthorised modification of data and various forms of malicious code
(section 86(2))............................................................................................... 7
Denial of service attacks (section 86(5)) ....................................................... 8
Unauthorised interception (section 86(1)) ..................................................... 8
Devices (section 86(4)) ................................................................................. 9
Extortion (section 87(1))................................................................................ 9
Computer-related fraud (section 87(2))......................................................... 9
Theft ................................................................................................................... 9
Pornography, Cyber Obscenity and Stalking.................................................... 10
Council of Europe’s Convention on Cyber crime.............................................. 11
Investigation and prosecution of cyber crime in South Africa ................... 13
Practical applications........................................................................................ 18
Public-private partnerships: The layered defence ....................................... 21
Conclusion ............................................................................................................ 27
Bibliography .......................................................................................................... 29
ii
4. “With the Internet’s global reach, the temptation is irresistible for these criminal
entrepreneurs. The value of information and transactions on computer networks has grown
to the point where cyber crime has become an organised, professional activity. Cyber
criminals take advantage of vulnerabilities in networks and computers to gain access to
valuable information, such as personal identification information, financial data, or intellectual
property.
Criminals now use the Internet for extortion, fraud, money laundering, and theft. Information
technology lets them carry out these crimes more efficiently and with less risk. Victims can
be found automatically. The use of pseudonyms or online identifies provides an anonymity
that is attractive to criminals. Some sources estimate that perhaps only 5 percent of cyber
criminals are ever caught and convicted. The internet provides criminals a way to move
money rapidly among bank accounts and countries. The nature of the Internet makes it
difficult for police to follow transactions to gather evidence, and national laws differ enough
to make prosecution difficult.”
McAfee Virtual Criminology Report:
North American Study into Organised Crime and the Internet
1
5. CYBER CRIME IN SOUTH AFRICA
information technology has also
INTRODUCTION
revolutionised the commission of
In this exciting cyber era, information various crimes, leading to a situation
technology and computers have where investigators more often than
invaded our every day lives to such an not, have to play catch-up with
extent that we cannot cope without sophisticated and well-organised
them. criminals.
Traditional shopping malls have been This paper aims to provide a broad
replaced by virtual shopping malls and overview of the legislative framework
one can acquire almost anything governing cyber crime in South Africa,
through the Internet. Information the investigation and prosecution of
superhighways have made a virtual these crimes and the benefits of
borderless world possible. One can public-private partnerships.
have access to information located
anywhere in the world, within seconds The paper was written for the Council
and on the click of a mouse. of Europe’s Octopus Interface
Conference 2009, 10 – 11 March
Computers and information technology 2009, Strasbourg, France. The author
are used in business, industry, was a presenter at the Workshop on
medicine, science, engineering, Following criminal money on the
education and government, to name Internet, 10 March 2009.1
but a few fields.
It is hard to imagine what the world
would be like without it. The
advantages of computers are
countless and they have a profound
effect on society.
But the same rings true when it comes
to criminals: computers and
2
6. CYBER CRIME IN SOUTH AFRICA
LEGISLATIVE
FRAMEWORK
GOVERNING
CYBER CRIME IN
SOUTH AFRICA
INTRODUCTION
The South African criminal law
originates from Roman law and legal
referred to as the ECT Act), which was
principles that were developed
assented to on 31 July 2002 and has
centuries ago.
been in operation since 30 August
2002.
These legal concepts were hardly
designed to cope with today’s
The ECT Act eradicated several of the
advancing technology, nor were the
lacunae that previously existed in the
traditional methods of detection,
South African law, in respect of the
investigation and prosecution of crime
emergence of various types of cyber
designed to bring cyber criminals to
crime, such as hacking and the
book.
creation of malicious computer code.
Early in 2001 the South African Law
The unauthorised access and
Commission released a discussion
unauthorised modification of data, as
paper on computer-related crime and
well as the possession and distribution
also recommended that legislation
of hardware devices and software
should be considered to introduce new
programs that facilitate the
cyber offences.
commission of these offences have
now been criminalised (e.g. spyware,
This led to the Electronic
key loggers and spy software).
Communications and Transactions
Act, No. 25 of 2002 (hereinafter
3
7. CYBER CRIME IN SOUTH AFRICA
perform various functions in respect of
DEFINITIONS the stored data.7 Various crimes can
RELATING TO be committed in respect of the smart
CYBER LAW card itself, as well as the functions and
data contained in the microprocessor
It is interesting to note that the chip, which will make various forms of
Convention on Cybercrime uses the cyber crime equally applicable to smart
terms computer system2 and computer cards.
3
data and appears to limit the
application of the Convention to All these devices essentially contain
computers, computer systems and data that involves some form of
4
computer-related data . computer and information technology
and it is submitted will all fall within the
Computer hardware refers to the scope and ambit of the ECT Act.
mechanical components of a computer
system and is physical in nature. South African authors Credo and
Computer software refers to the Michels8 defined computer crime as:
instructions given to a computer in
order to function in a certain way. “…computer crime encompasses the
These instructions consist of electronic use of a computer as a tool in the
5
data and are incorporeal in nature. perpetration of a crime, as well as
situations in which there has been
It is furthermore important to note that unauthorised access to the victim’s
computer components are used not computer, or data. Computer crime
only in computers, but also in various also extends to physical attacks on the
other devices such as cellular computer and/or related equipment as
6
telephones. well as illegal use of credit cards and
violations of automated teller
A smart card is a plastic card with a machines, including electronic fund
microprocessor chip embedded in it. transfer thefts and the counterfeit of
This chip enables it to store data and hardware and software.” 9
to process information. A smart card
has computer intelligence and can
4
8. CYBER CRIME IN SOUTH AFRICA
There has, however, been a move in provisions relating to cyber inspectors
South African law to use the term been implemented.
cyber crime which is wide enough to
encompass all illegal activities in
respect of computers, information CATEGORIES OF
networks and cyberspace.10 CYBER CRIME
It is also important to bear in mind that There are various different types of
computer-related crime can take on criminality where computers play a
the form of traditional/conventional role, such as:
crimes in which computers are
instrumental to the offence, such as Service disruption and/or the
child pornography and intellectual interference with lawful use of a
property theft, attacks on computer computer.
networks, as well as conventional Dissemination of offensive
criminal cases where the evidence that materials such as pornography.
is to be used is in digital form. Extortion and cyber-stalking.
Reputational damage such as
The ECT Act sufficiently deals with defacing a company website.
jurisdiction, the admissibility of data Forgery/counterfeiting: IP offences,
messages, the admissibility of software piracy, copyright
electronic signatures, as well as the infringements, etc. Currently the
regulation of cryptography. best known form of cyber fraud is
phishing that begins with an e-mail
purporting to be from a bank, credit
Cyber inspectors are a new addition to
card company or retailer asking the
law enforcement and their tasks
user to go to a website and supply
include the monitoring of the Internet
account information.
and ensuring that the provisions of the
Information theft is the most
ECT are complied with. However,
damaging category of Internet
South Africa still does not have a
crime and can take on several
recognised body that deals with
forms, such as theft of personal
electronic signatures, nor has the
identification information, credit
5
9. CYBER CRIME IN SOUTH AFRICA
information from a company’s Many of these criminal activities mimic
database, financial information, traditional crimes, but because most
intellectual property such as computer-related crimes are executed
designs, etc. with great ease, speed and the impact
Fraud: Internet banking fraud, is often felt across borders, the
debit and credit card fraud, online response to these types of crimes
auction fraud, online securities cannot be based on traditional
fraud, etc. investigative methodologies and tools
Illegal interception of alone.
communications, espionage, etc.
“The success of cyber criminals
Money laundering: The growth of poses new and difficult challenges for
global financial services makes it law enforcement. The anonymity and
easy to conduct banking operations global connectivity of the Internet lets
across borders over the Internet. cyber criminals engage online in
Although the use of the internet can traditional crimes such as extortion,
provide law enforcement agencies drug-running, or pornography on a
with a greater ability to trace greatly expanded scale. Crimes can
be committed across national borders
transactions through electronic
or from different continents.
records, the volume of
Criminals do not need to be physically
transactions, the anonymity, the
present to commit the crime. This
speed with which these
reduces the risk of capture and
transactions are concluded and the prosecution and makes the job of law
lack of consistent record-keeping enforcement that much harder.”
still makes it very attractive to
criminals and terrorists alike. McAfee Virtual Criminology Report
6
10. CYBER CRIME IN SOUTH AFRICA
program or to certain data held in such
SPECIFIC a computer, or is unauthorised, at the
PROVISIONS OF THE time when the access is gained, to
ECT ACT gain access to such computer,
program or data.15
The penalty clause provides for a fine
or imprisonment for a period not
exceeding 25 years or to both16, which
is considerably higher than the
provisions of the ECT Act. It is
Unauthorised Access
submitted that these penalty provisions
(section 86(1))11
are more accurate and take proper
Section 86(1) has criminalised all cognisance of the dire implications of
forms of hacking. Section 88(1) of the cyber crime.
ECT Act also criminalises an attempt
to gain unauthorised access.12 In
other words, certain security measures
Unauthorised
have been overcome, but not all and
modification of data
access has also not been secured.13 It
and various forms of
is submitted that the penalty clauses in
malicious code (Section
the ECT Act are, however, far too
86(2))17
lenient, given the impact of the crimes
Data is rendered ineffective if the
that can be committed in terms of the
normal functioning thereof has been
said Act.14
impaired. The modification need not
be permanent in nature and could only
in comparison, section 40A(1)(d) of the
be temporary. Damage is also not an
National Prosecuting Authority Act, No.
essential element of the offence. The
32 of 1998, also provides for instances
extent of the damage, however, can be
of unauthorised access and includes
an aggravating factor when sentence
access by a person who is authorised
is considered.18
to use the computer but is not
authorised to gain access to a certain
7
11. CYBER CRIME IN SOUTH AFRICA
Denial of Service the Internet or other information
Attacks (Section 86(5))19 networks. Electronic mail messages
can easily be intercepted by third
The act or conduct is very widely parties, thereby enabling them to
defined and consists of any of the obtain bank account numbers,
actions criminalised in sections 86(1) password, access codes and various
to 86(4) of the ECT Act that result in a other forms of data.
denial or partial denial of service to
legitimate users. Section 2 of the Regulation of
Interception of Communications and
These actions will, by implication, Provision of Communication-related
include unauthorised access, Information Act22 provides as follows:
unauthorised modification or the
utilisation of a program or device to “Subject to this Act, no person may
overcome security measures. intentionally intercept or attempt to
Examples would be where a cyber intercept, or authorise or procure any
criminal interferes with or alters data in other person to intercept or attempt to
a computer system that prevents intercept, at any place in the Republic,
legitimate users access to the system. any communication in the course of its
occurrence or transmission.”23
A person that is convicted of
contravening this subsection may be There is clearly an overlap between
sentenced to a fine or imprisonment the Interception Act and the ECT Act in
not exceeding 5 years.20 respect of unauthorised interception
offences.
Unauthorised The ECT Act, however, provides for a
Interception (Section penalty of a fine or a term of
86(1))21 imprisonment not exceeding 12
months.24 The sentence is much more
Cyber criminals often obtain valuable
lenient than that provided for in the
information by intercepting and
Interception Act.
monitoring communications sent via
8
12. CYBER CRIME IN SOUTH AFRICA
Devices (Section 86(4))25 any of the rest of the actions
criminalised in section 86.27
Cyber criminals often use devices in
order to gain unauthorised access to
data or to commit cyber crimes. Extortion (Section
87(1))28
These devices may consist of
The act consists in the performing or
hardware devices and attachments, as
threat of performing any of the acts
well as software programs such as spy
described in section 86 of the ECT Act,
software.
such as unauthorised modification of
data.
South Africa has experienced a high
volume of incidents where cards are
Computer-related Fraud
swiped through a skimming device26 or
(Section 87(2))29
card reader. All the data contained on
the magnetic strip is captured and can This section criminalises computer-
then be downloaded from the device, related fraud, forgery and uttering, in
with the assistance of a computer that the data should be falsified/false
terminal. These devices are also often data should be produced.
installed in Automated Teller Machines
(ATMs). The illegal action will be founded in
any of the actions mentioned in section
86 that will cause fake data to be
produced.30
THEFT
The evolution of information
Section 86(4) also criminalises the technology and computers has also
actual use of such a software program heralded the emergence of new forms
or device that is designed to overcome of theft, such as the theft of electronic
security measures or to contravene information, data, electronic funds and
9
13. CYBER CRIME IN SOUTH AFRICA
software programs. introduce new measures for the
prevention detection and prosecution
One of the biggest concerns in South of these types of crime.
Africa, is the phenomenon of identify
theft which entails the theft of a This multi-stakeholder cooperation will
person’s identify that is subsequently be discussed in more detail below.
used to impersonate the victim for
criminal actions, such as the
commission of fraud.
Identity theft has largely remained
undetected in government, compared
to the rate of detection within the
private sector. It is submitted that this
can largely be ascribed to the fact that
government(s) do not always apply the
same stringent security measures to PORNOGRAPHY,
protect online identities and the CYBER OBSCENITY
integrity of their network security. AND STALKING
However, government has a big bank Pornography is widely distributed
account too and criminals in South though the Internet and of concern is
Africa have taken the route of least that the Internet is being used as a key
resistance: there has been an tool and facilitator in the distribution of
increase in reported crimes where user specifically online child pornography.
identities and passwords have been
compromised and theft and fraud The South African Constitution
committed within various state protects the rights of children under
departments. the age of 18 years and inter alia
provides that a child should be
Law enforcement has joined forces protected from degradation.31
with several government departments,
as well as private sector partners to In South Africa the criminalisation of
10
14. CYBER CRIME IN SOUTH AFRICA
child pornography is governed by the The Council of Europe’s Convention
Films and Publications Act, No. 65 of on Cybercrime has provided a sound
1996.32 basis for the essential cross-border
law enforcement cooperation required
The Internet has explicitly been to combat cyber crime.
included in the definition of
publications and all forms of child So-called ‘communities of shared fate’
pornography on the Internet will now have a purpose built mechanism
constitute criminal offences. on which they can fashion their own
domestic legislation and enhance
Upon conviction a perpetrator may be international cooperation on matters
sentenced to a fine or imprisonment relating to cyber crime.
for a period not exceeding 5 years or
to both such fine and imprisonment The Council of Europe’s Convention
where the court finds that aggravating on Cybercrime was opened for
factors are present.33 signature on 23 November 2001 at
Budapest.34 South Africa became a
signatory on 23 November 2001, but
COUNCIL OF has not ratified the Convention to date.
EUROPE’S
CONVENTION ON
CYBERCRIME
Until very recently it was not possible
to talk about an international
consensus on addressing cyber crime,
specifically due to the trans-national
nature of this type of crime.
11
15. CYBER CRIME IN SOUTH AFRICA
“Forensic specialists tasked with investigating computer-related crime also face new
challenges. A shift away from ‘script kiddie’ releases of malicious software to bespoke code
designed to steal information, especially personal identification data. The greater use of
encryption and access protection also poses a growing challenge of extracting evidence
from computers and servers. Another continuing problem was the reluctance of victims to
report offences and that many victims are unaware that they or the computers had been
compromised. The implications of such activity for infrastructure protection are ominous
(Semple 2004). The online availability of source code and automated ‘easy to use’ hacking
tools that act as system reconnaissance provide multiple exploit tools and deploy ‘spyware’
(i.e. keystroke monitoring or transmission); this had also increased the risks of computer
intrusion activities as a predicate to other criminal activity such as extortion, financial or
internet fraud, identity theft, telecommunications theft, and economic espionage.
Moreover, ‘patch’ counter-measures have proved inadequate because too many users
failed to update (regardless of whether the software was licit or illicit) as ‘MS blaster’
demonstrated, despite the availability of an effective patch some months before the release
of this particular malicious code.”
Broadhurst, R Developments in the global law enforcement of cyber-crime
12
16. CYBER CRIME IN SOUTH AFRICA
It is difficult to fathom what the true
INVESTIGATION
extent of cyber crime in South Africa is
AND at this stage. Cyber crimes, if reported
PROSECUTION OF at all, are not always differentiated
CYBER CRIME IN from other commercial crimes, fraud
SOUTH AFRICA reports or criminal damage statistics.
Thus the extent of computer-related
The task of identifying, successfully crimes – even when reported -
investigating and prosecuting cyber remains unclear. Police statistics
criminals poses ever-increasing about reported crime seldom reveals
challenges to law enforcement where a computer was used to
agencies across the world. facilitate the commission of a crime,
where digital evidence was used as
Due to the speed with which these evidence of a particular crime or where
crimes are committed and the specific types of cyber crime such as
difficulties posed by investigations of phishing, hacking, computer-related
such a multi-jurisdictional nature, swift fraud and extortion, etc. was
and speedy cooperation is required committed. The same applies to how
from law enforcement agencies across many cases have successfully been
the globe: Something that would defy prosecuted in court.
the traditional bureaucracy associated
with international cooperation.
Cyber crime has resulted in the
emergence of an alternative approach
to traditional law enforcement (where
traditionally means that the law should
be enforced by the State alone). Co-
Due to the particular nature of cyber
operation and collaborating between
crimes, these offences are often
the State and the private sector is
difficult to investigate, are labour
necessary to effectively deal with the
intensive and require specialised skills
advent of cyber crime.
to successfully complete the
13
17. CYBER CRIME IN SOUTH AFRICA
investigation, as well as the analysis of wares sites give even inexperienced
evidence gathered during the course cybercriminals the weapons they need
of an investigation. to commit crime on the Internet.
The trans-national aspect of cyber During investigations in South Africa it
crime is further compounded by has also been found that legitimate
technological developments that pose software is adapted or modified or
new and difficult challenges for the used for illegal purposes such as
identification of perpetrators and the identity theft.
collection of evidence.
There is also an increasing trend of
Digital footprints are fragile and traditional (or professional) criminals
transient and swift action is required forming partnerships with their cyber
from all role players in a particular counterparts due to the ease with
investigation. This becomes even which huge financial gains can be
more important when dealing with made from the Internet with relatively
attacks that span across multiple low risks. Traditional criminals bring
jurisdictions. Traditional methods of with them the skills, knowledge and
law enforcement and investigations connections needed for a large scale,
are no longer adequate. high-value criminal enterprise that,
when combined with computer skills,
The problem is further compounded by form a winning business strategy to
the fact that many law enforcement expand the scope and risk of cyber
agencies still lack the capability to crime.
operate effectively in cyberspace.
Even where there have been efforts to During the course of their
train law enforcement officials, cyber investigations South African law
crime calls for specialisation and due enforcement agencies have, as is the
to resource constraints, this is often case in most other countries, dealt with
not possible. two basic avenues for cybercrime (or a
combination of these two avenues):
Sophisticated shareware tools for
cybercrime available on hacker or Exploiting vulnerabilities in
14
18. CYBER CRIME IN SOUTH AFRICA
operating systems and other The Directorate of Special Operations
software programs; and/or (DSO) in South Africa have
Social engineering where the demonstrated the vital importance of a
criminals have tricked a victim prosecutor and investigator – both who
into providing access to their are skilled and knowledgeable in cyber
computer or network. crimes and cyber law – working
together from the onset of an
Criminals have also found their way investigation.
into computers and networks by
bribing officials within a
business/department to load spy
software onto a computer or to install a
hardware key logger onto a system
and then to remove it again and hand
it over to the syndicate.
Criminals are more often than not, far
This ensures that legal requirements
better technically equipped and skilled
are always borne in mind and
than the law enforcement agencies
complied with at every stage of the
that have to investigate their criminal
investigation.
conduct.
It also contributes to a speedier
The speed at which these offences are
completion of the investigation and
committed, as well as the borderless
resultant prosecution.
nature thereof, also complicate
investigations. Due to the fact that, for
When dealing with cyber crime in
example, data can be deleted by the
South Africa, one finds more often
press of a button, it is vital that
than not that these crimes are
evidence, as well as the integrity of
committed in an organised fashion by
data be preserved, and that evidence
syndicates that conduct their activities
be gathered and safeguarded as soon
with businesslike precision. This
as possible.
seems to be a phenomenon that is
15
19. CYBER CRIME IN SOUTH AFRICA
occurring across the globe: specialist the syndicate would have to
actively go out and recruit another
“E-crime now has a business structure (which might pose an opportunity for
that broadly mirrors that of legitimate infiltration for law enforcement).
business, and links in with other forms of
organised crime. The structure includes
Cyber criminals cannot hide within the
software providers, information providers,
anonymity of their cyber world forever
hosting and service providers, consultants
and eventually have to step out into
and people who provide services in the
the physical world, usually when they
physical word, such as money couriers.”35
have to covert their cyber gains into
real money. For example, when
money has been siphoned-off into a
bank account it would require a
physical cash withdrawal, the
purchase and/or sale of goods, issuing
a cheque, etc.
Due to the relative scarcity of IT These actions incur a significant risk of
specialists that would be willing to interception by law enforcement or
render services to these syndicates, loss due to the criminal having to rely
one also finds that a single specialist on another criminal who turns out to be
will operate within more than one untrustworthy. But this has led to
syndicate. Due to the specialists’ many a breakthrough for law
preference for particular software, enforcement agencies in South Africa
malware or programming methods, that have patiently lain in wait and had
one can often find valuable links within been able to catch criminals in the act.
the specialists’ digital fingerprint.
The successful investigation and
One might also want to focus on the subsequent prosecution of some cyber
arrest of such a specialist as he/she crimes will also largely depend on
often can provide valuable links to effective and timely international co-
several other criminals within a operation between countries.
syndicate, or at least without their IT
16
20. CYBER CRIME IN SOUTH AFRICA
COMBATING COMPUTER-RELATED CRIME
…The Cyber Crime Unit of the South African Police Service, for example, provides both
reactive forensic and pro-active evidential intelligence services during the investigation of
serious and organised crime. All operations of and analysis by the Unit are court-directed.
Members of the Cyber Crime Unit render supportive investigations where:
Computers and networks (including the Internet) are the targets of an offence, e.g.
damaging a computer or computer network.
Computers and/or networks are the tools in the commission of an offence, e.g.
creating and transmitting formulas for manufacturing home-made explosives; and
Where computers and/or networks are incidental to an offence, e.g. criminals who
store their records on computers and computing devices, which raises challenging
evidential and forensic matters.
The primary clients of the Cyber Crime Unit is the South African Police Service, Interpol
and authorised foreign Law Enforcement Agencies whilst training have also been
provided to the Royal Swazi Police, the Botswana Police as well as delegates from other
countries in the region. Support is also rendered to the victims of computer-related crime.
The Cyber Crime Unit specialises in:
Proactive evidential intelligence operations via the Internet and computer networks.
Tracing of “on-line” suspects.
Forensic search and seizure of memory resident data and computer-related
information.
Forensic analysis of seized material.
Evidential Intelligence operations.
Tracing and locating Internet based messages and information.
Operations to identify and locate on-line suspects, criminal activities and contraband.
Internet and networked based surveillance.
The Unit also provides evidential Intelligence (proactive support) via:
Network forensics.
Internet and Intranet based surveillance.
On-line transactions and communication to identify suspects and criminal activities.
Email messages, Web Sites, News Groups, Internet Relay Chat and Virtual Private
Networks.
SAPS COUNTRY REPORT TO THE 11TH UNITED NATIONS CONGRESS ON CRIME
17
21. CYBER CRIME IN SOUTH AFRICA
The commission of cyber crime in
PRACTICAL government spheres also tend to go
APPLICATIONS hand in hand with crimes such as
fraud, computer-related fraud, bribery
The Directorate of Special Operations and corruption.
(DSO) obtained the first conviction in
South Africa for the possession and In the same fashion, the DSO also
use of spy software and the use deals with cyber crime committed in
thereof to hack into various the private sector. It has had great
government computer systems in success with a project involving cyber
2006. 36
crime in the banking industry that is
committed from the anonymity of
The Directorate, also known as the internet cafés. In March 2007, the
Scorpions, where approached by Gauteng office made a major
various government departments to breakthrough in the case by arresting
investigate fraudulent transactions that an IT mastermind, involved in the
were being created on their computer acquisition and preparation of spyware
systems, by making use of user id’s that was being placed on South
and passwords of employees. These African banking systems.
user identifications and passwords
were in turn stolen by means of The suspect also played a major role
hardware key loggers and spy in moving the proceeds of these
software that were installed on certain Internet frauds to bank accounts in
computers. New York and other parts of the world.
South Africa has seen a sharp The NPA also received a certificate of
increase over the last few years in the recognition from Motorola Information
commission of these types of crime Protection Services, USA and Sun
and the potential loss for the Microsystems for its contribution to the
government has proven to be fight against cyber crime in this project.
significant.
Other successful investigations and
prosecutions dealt with issues ranging
18
22. CYBER CRIME IN SOUTH AFRICA
from contraventions of section 86(1) of South African law enforcement have
the ECT Act where two ex-employees successfully dealt with such
of a South African corporation that ran prosecutions and have also embarked
the back office of an overseas online on joint initiatives with international
casino, to where accused were partners (USA in particular) to address
installing hardware key loggers on this type of crime.
computer systems to obtain
information that was entered into a
computer.
The phenomenon of advance fee fraud
schemes, or more commonly referred
to as 419 scams, have been widely
reported on in South Africa.37
19
23. CYBER CRIME IN SOUTH AFRICA
“In this context, the creation of a “global culture of security” is vital to preserve our core
values of security and privacy and realise the potential of the digital age. But how do we
create such a culture? Personal and national security are too important to allow such a
culture to arise unplanned and reactively. Rather, we must develop a comprehensive
approach to security in which both the public and private sectors play leading roles, share
responsibility, and support one another. In particular, government and the private sector,
with information technology companies in a leading role, should work together to ensure the
development of strong criminal laws and the capability to enforce them, to share information
that will enhance security, and to support the security education and training of citizens.”
SCOTT CHARNEY
VICE PRESIDENT, TRUSTWORTHY COMPUTING
MICROSOFT CORPORATION
MARCH 31, 2005
20
24. CYBER CRIME IN SOUTH AFRICA
PUBLIC-PRIVATE
PARTNERSHIPS:
THE LAYERED
DEFENCE
The effective control of cyber crime
requires more than just cooperation
between public and private security
agencies.
The private sector is the first line of
defence against financial crimes
The role of the communications and IT
perpetrated by criminals. They
industries in designing products that
operate and maintain the very systems
are resistant to crime and that facilitate
criminal organisations seek to exploit
detection and investigation is also of
for their illicit purposes. Regardless, if
critical importance.
the crime is one of fraud against a
financial institution or the use of a
To effectively address cyber crime also
financial institution to move illicit funds
calls for a less re-active and more pro-
– virtually every criminal scheme
active approach to the prevention,
requires the use of a financial
detection, investigation and
institution in the furtherance of criminal
prosecution of these crimes. One of
activity, i.e. the use of legitimate funds
the key success factors to such a pro-
and seemingly legitimate financial
active approach lies in the combined
transactions to further illicit activity.
forces of public and private
partnerships.
In South Africa the Financial
Intelligence Centre (FIC) plays and
Whilst it might be that only law
important role in this regard.38
enforcement can arrest criminals,
service providers and private sector
The FIC’s mission is to establish and
institutions can do much to investigate
maintain an effective policy and
and prevent cyber crime.
compliance framework and operational
21
25. CYBER CRIME IN SOUTH AFRICA
capacity to oversee compliance and to to develop and implement internal
provide high quality, timely financial rules to facilitate compliance with
intelligence for use in the fight against these obligations.
crime, money laundering and terror
financing, in order for South Africa to There are several success stories in
protect the integrity and stability of its South Africa where effective multi-
financial systems, to develop stakeholder cooperation has yielded
economically and to be a responsible positive results in dealing with cyber
global citizen. crime. Government departments have
taken hands with law enforcement
The FIC Act also sets up a regulatory agencies, law enforcement agencies
anti-money laundering regime which is have formed partnerships with the
intended to break the cycle used by private sector and the private sector
organised criminal groups to benefit industries have created forums for
from illegitimate profits. By doing this knowledge sharing and collaboration.
the Act aims to maintain the integrity of
the financial system. Apart from the Some of these examples include:
regulatory regime the FIC Act also
creates the Financial Intelligence The Council for Scientific and
Centre. Industrial Research (CSIR) in
South Africa is one of the leading
scientific and technology research,
development and implementation
organisations in Africa. It
undertakes directed research,
innovation and development in
science and technology for socio-
economic growth and to improve
The regulatory regime of the FIC Act the quality of life of the country’s
39
imposes 'knowing your client' , citizens. Building local and
record-keeping and reporting international partnerships remains
obligations on accountable institutions. a key component of its endeavours
It also requires accountable institutions to provide world-class technology.
22
26. CYBER CRIME IN SOUTH AFRICA
The CSIR Defence, Peace, Safety means whereby they can protect
and Security Unit has also made a themselves against impersonation
valuable contribution to the fight and identity theft.
against cyber crime by supporting South African banking Risk
departments and agencies which Information Centre (SABRIC) is a
are primarily tasked with the section 21 company established to
prevention and combating of crime, combat crime in the banking
by for example researching cyber industry. Its key stakeholders are
forensics and delivering practical the major banks in South Africa. Its
solutions through strategic principle business is to detect,
partnerships with South African law prevent and reduce organised
enforcement agencies and role- crime in the banking industry
players in the financial services through effective public-private
industry. partnerships.
The CSIR has also provided The company also provides crime
valuable cyber training to law risk information and consequence
enforcement officials. management to the banking
industry and CIT companies.
Business Against Crime South
Africa (BAC) is a section 21 To effectively deal with cyber crime
company that seeks to support the also requires a change of mindset.
South African Government’s efforts
to fight crime by complementing its Security has to be understood in broad
resources with entrepreneurial, rather than narrow terms. It can no
managerial and technological skills longer be the aspect that is considered
from the South African private after the business is up and running: It
sector. needs to form part of intelligence,
planning and business strategy right
The South African Fraud from the onset. Public-private
Prevention Service (SAFPS) is a partnerships will assist in the sharing
service which is committed to of information where businesses could
combating fraud in society and to then incorporate criminal threats in
offering the South African public a their risk assessment process.
23
27. CYBER CRIME IN SOUTH AFRICA
It is law enforcement’s responsibility to A layered defence pushes criminals to
identify vulnerabilities and behaviours seek more desperate schemes that
that are indicative of (cyber) criminal can be more readily identified and
behaviour. countered by law enforcement.
This information should then in turn be Providing the private sector with red
provided to the private sector for flag indicators of suspicious behaviour
everyone’s well being. The private assists them in identifying actions that
sector and Government should use can be referred to law enforcement for
this information to protect themselves investigation. These simple and timely
against fraudulent schemes. investigative referrals can result in the
identification and dismantling of an
An effective partnership between entire criminal network.
investigators, government and the
private sector aids in implementing Cyber crime creates an unprecedented
systems that protects against need for concerted action from
exploitation. government and industry, but also
unprecedented challenges to effective
“Shannon and Thomas (2005) also
international cooperation. Determining
stress ‘human security’ perspectives
criminal jurisdiction can become a
in dealing with complex threats posed
by cyber crime and argue that over- time-consuming exercise and costly
reliance on the State, especially the exercise – often providing the criminals
public police, to address cyber- with added security and means to hide
security issues would expose both their crimes.
markets and society to frequent low
level but costly risks. Consequently After an analysis of the instructive
the role of public-private police
guidance and principles offered by the
partnerships in the marketplace and
international community, Scott
the emergence of civil society on the
Charney40 identified the following five
Internet combined with public
elements of a sound, comprehensive
awareness has become essential to
contain cyber crime amongst ordinary
public-private sector approach to cyber
users.” crime:
Broadhurst, R
24
28. CYBER CRIME IN SOUTH AFRICA
The existence of strong laws and donors. However, one of the best
adequate resources for law forms of training is still on-the-job-
enforcement. training and a cross-pollination of
Proper training of law skills.
enforcement.
Coordination among domestic Domestically several industries
and international law enforcement have created forums for
agencies and improved information sharing and creating
information sharing that is closely awareness, e.g. SABRIC and
related to such coordination. BAC. Private and public sector
Heightened public awareness of partnerships are also on the
the risks of cyberspace and increase and where in place,
proper user practices. have led to great successes in
Improved technology.41 the prevention and combating of
cyber fraud especially.
If this framework is applied to the Public awareness raised for e.g.
South African context the following by banks on their websites
observations can be made: provides valuable information to
online customers. In comparison
Although South Africa has signed with some of their international
the Convention on Cyber Crime, it counterparts, there is still much
has not ratified it. South Africa that South Africa can do to
does have laws dealing with effectively raise public awareness
cybercrime but not in one regarding cyber crime (in all its
framework. Especially the forms).
penalties in the ECT Act fail to Improved technology should not
recognise the seriousness of only be the responsibility of the
cyber offences. companies developing it, but
Training of law enforcement government should also play an
officials in cyber crime is very active role by, for example
costly and heavy reliance has to funding cyber security-related
be placed on assistance from the research and development, etc.
private sector and international
25
29. CYBER CRIME IN SOUTH AFRICA
“In sum, the synergy between organised crime and the Internet is not only very natural but
also one that is likely to flourish and develop even further in the future. The Internet provides
both channels and targets for criminals and enables them to be exploited for considerable
gain with a very low level of risk. For organised crime it is difficult to ask for more. It is
critical, therefore, to identify some of the ways in which organised crime is already
overlapping with cybercrime.”
Phil Williams, Organised Crime and Cyber crime: Implications for Business
26
30. CYBER CRIME IN SOUTH AFRICA
CONCLUSION
Cyber crime is an international
phenomenon that necessitates co-
operation between multiple countries.
It is borderless, fast and even deadly
in some instance and furthermore
dictates that new and more effective Unfortunately this works in favour of
prevention, investigation and the criminals. Disclosure of
prosecution strategies should be information relating specifically to
developed and employed on an almost cyber crime must be understood within
daily basis. the following three categories:
The benefits and necessity for public- Sharing of information between
private partnerships to succeed in companies within a particular
addressing cyber crime cannot be industry or market, e.g. banks,
stressed enough. Cyber crime, investment companies, etc.
however, remains under-reported and Sharing of information between
this must also be seen in light of the businesses and law enforcement
balance between reporting of crime agencies.
and reputational damage to Full public disclosure.
companies.
However, the more developed the
In the case of for example a bank, their methods of information sharing
online transactions must be perceived between industry members, and
to be secure and there is a natural between business and law
desire to avoid any disclosures that enforcement agencies are, the less the
might undermine customer confidence need for a situation where full public
and place a company at a competitive disclosure will be called for.
disadvantage.
Sharing of information can also lead to
27
31. CYBER CRIME IN SOUTH AFRICA
the creation of similar and shared The competitive advantage could
methods and tools for the detection remain on the right side of the law by
and prevention of cyber crime and means of fostering and nurturing
contribute to the effective (and pro- effective public-private partnerships,
active) prevention of cyber crime within as well as international cooperation
a particular industry. and actively embarking on public
awareness campaigns.
The fight against cyber crime will
remain an active battle between law Prevention remains better than cure.
enforcement agencies and cyber
criminals.
“The weaknesses of digital identity management and the ability to use false identities
to tap into global credit card and financial networks will continue to make this form of
fraud attractive to cybercriminals. Although improvements in software and
authentication technology will reduce some areas of risk for identity theft, social
engineering will continue to provide opportunity for crime and new technological
vulnerabilities like the ability to illegally duplicate some biometric identification data
will likely be discovered.”
McAfee Virtual Criminology Report
28
32. CYBER CRIME IN SOUTH AFRICA
BIBLIOGRAPHY
Broadhurst, R Developments in the global law enforcement of cyber-crime accessed
on 15 January 2009 on citeseerx.ist.psu.edu (10[1].1.1.88.7864.pdf)
Charney, S Combating Cybercrime: A Public-Private Strategy in the Digital
Environment accessed on 21 January 2009 at
web.reed.edu/nwacc/programs/confos/UNcrimeCongressPaper.doc
Council of Europe Convention on Cybercrime accessed on www.coe.org
Forman, M.M Combating terrorist financing and other financial crimes through
private sector partnerships accessed on 17 January 2009 at
www.emeraldinsight.com/insight/viewContentServlet?Filename=Published/EmeraldF
ullTextArticle/Articles/3100090109.html
McAfee Virtual Criminology Report: North American Study into Organized Crime
and the Internet accessed on 17 January 2009 at
www.mccafee.com/us/local_content/misc/mccafee_na_virtual_criminology_report.pd
f
Titterington, G Taking the battle to the e-criminals 10 December 2008,
www.ovum.com
Williams, P Organized Crime and Cyber-Crime: Implications for Business accessed
on 15 January 2009 at www.cert.org/archive/pdf/cybercrime-business.pdf
29
33. CYBER CRIME IN SOUTH AFRICA
BIBLIOGRAPHY
Broadhurst, R Developments in the global law enforcement of cyber-crime accessed
on 15 January 2009 on citeseerx.ist.psu.edu (10[1].1.1.88.7864.pdf)
Charney, S Combating Cybercrime: A Public-Private Strategy in the Digital
Environment accessed on 21 January 2009 at
web.reed.edu/nwacc/programs/confos/UNcrimeCongressPaper.doc
Council of Europe Convention on Cybercrime accessed on www.coe.org
Forman, M.M Combating terrorist financing and other financial crimes through
private sector partnerships accessed on 17 January 2009 at
www.emeraldinsight.com/insight/viewContentServlet?Filename=Published/EmeraldF
ullTextArticle/Articles/3100090109.html
McAfee Virtual Criminology Report: North American Study into Organized Crime
and the Internet accessed on 17 January 2009 at
www.mccafee.com/us/local_content/misc/mccafee_na_virtual_criminology_report.pd
f
Titterington, G Taking the battle to the e-criminals 10 December 2008,
www.ovum.com
Williams, P Organized Crime and Cyber-Crime: Implications for Business accessed
on 15 January 2009 at www.cert.org/archive/pdf/cybercrime-business.pdf
29
34. CYBER CRIME IN SOUTH AFRICA
ENDNOTES
1. Although the author is employed by PwC, the practical research is largely based on
experience during her employment in the Directorate of Special Operations.
2. Computer system means “any device or group of inter-connected or related devices, one
or more of which, pursuant to a program, performs automatic processing of data Article
1A of the Convention on Cybercrime.
3. Computer data means “any representation of facts, information or concepts in a form
suitable for processing in a computer system, including a program suitable to cause a
computer system to perform a function Article 1B of the Convention on Cybercrime.
4. A description of computer system is found in the Financial Intelligence Centre Act, No. 38
of 2001: “…computer system means an electronic, magnetic, optical, electrochemical or
other data processing device, including the physical components thereof, and any
removable storage medium that is for the time being therein or connected thereto, or a
group of such interconnected or related devices, one or more of which is capable of (i)
containing data; or (ii) performing a logical, arithmetic or any other function in relation to
data.”
5. The ECT Act does not deal with the concepts of computer or computer system, but rather
with the concept data. Data is defined as “electronic representations of information in any
form” and widens the scope of the application of the Act, because it is not limited to only
computers. This is advantageous since it would include information systems, large
computer networks, the Internet and cyberspace. Information technology necessitates
the use of the term data rather than the term computer. One of the main purposes of the
Act as stipulated in the Preamble is to prevent abuse of information systems. The term
information system is defined in the ECT Act as “a system for generating, sending,
receiving, sorting, displaying or otherwise processing data messages and includes the
Internet.”
6. The programming and functions of these computerised devises are in the form of data. A
cellular phone contains data in that it stores information in electronic format.
7. Traditional credit and debit cards are issued with magnetic strips that contain data. Bank
account numbers and expiry dates are encoded on the magnetic strips through means of
computer technology. These magnetic strips may also be the subject matter of various
types of cyber crime. South African banks, however, are moving towards the use of
microprocessor chips embedded in credit and debit cards.
8. Credo and Michels Computer crime in South Africa (1985) 2.
9. Prof. Dana van der Merwe in the second edition of his book Computers and the Law
(2000) at p 188 defined computer crime as follows: “Computer crime covers all sets of
circumstances where electronic data processing forms the means for the commission
and/or the object of an offence and represents the basis for the suspicion that an offence
has been committed.”
30
35. CYBER CRIME IN SOUTH AFRICA
10. Watney uses the term cyber crime and defined it as all illegal activities pertaining to a
computer system, irrespective of whether the computer is the object of the crime or the
instrument with which the crime is committed. (Watney, MM Die Strafregtelike en
prosedurele middele ter bekamping van kubermisdaad (Deel 1)(2003) 1 TSAR 56).
11. Subject to the Interception and Monitoring Prohibition Act, 1992 (Act 127 of 1992), a
person who intentionally accesses or intercepts any data without permission or authority
to do so, is guilty of an offence.
12. For example, when a person who intends gaining unauthorised access is still in the
process of gaining access and gets caught, can be convicted of attempted unauthorised
access in terms of section 88(1).
13. Section 88(2) of the Act provides for the criminalisation of aiding and abetting another to
gain unauthorised access. It often happens that an employee of a company, who is
authorised to gain access to certain data, copies the data contrary to the scope and limits
of his/her authority, and sells it to a competitor. The competitor is not authorised to gain
access to the specific data.
14. Section 89(1) provides for a sentence of a fine or imprisonment not exceeding twelve
months.
15. Section 71(1) of the South African Police Service Act, No. 68 of 1995 and section
128(1)(e) of the Correctional Services Act, No. 111 of 1998, also have similar provisions.
16. Section 40A(2).
17. A person who intentionally and without authority to do so, interferes with data in a way
which causes such data to be modified, destroyed or otherwise render ineffective, is guilty
of an offence.
18. An attempt to intentionally interfere with data without authority is criminalised in section
88(1) of the ECT Act. Section 89(1) of the ECT Act provides that a person convicted of
contravening section 86(2) of the Act may be sentenced to a fine or imprisonment not
exceeding 12 months. The maximum fine falls within the jurisdiction of the South African
district courts.
19. A person who commits any act described in this section with the intent to interfere with
access to an information system so as to constitute a denial, including a partial denial, of
service to legitimate users is guilty of an offence.
20. Section 89(2) of Act 25 of 2002. Section 88(2) also criminalises the aiding and abetting of
another to commit the offence.
21. Section 86(1) provides that, subject to the Interception and Monitoring Prohibition Act,
1992 (Act No. 127 of 1992), a person who intentionally accesses or intercept any data
without authority or permission to do so, is guilty of an offence.
22. Act 70 of 2002, which repeals Act 127 of 1992.
23. Section 49(1) of the Act provides that such an intentional and unlawful interception is a
criminal offence. The criminal conduct or actus reus will consist of the interception of a
communication in the course of its occurrence or transmission.
31
36. CYBER CRIME IN SOUTH AFRICA
24. Section 89(1).
25. Section 86(4) of the ECT Act provides as follows: “A person who utilises any device or
computer program mentioned in subsection (3) in order to unlawfully overcome security
measures designed to protect such data or access thereto, is guilty of an offence.”
26. An electronic card reader or skimming device is a physical device that can be used to
read electronic data from the magnetic strip of a credit card.
27. Section 88(1) provides that a person that attempts to commit the offences referred to in
sections 86(3) and 86(4) is guilty of an offence. The aiding and abetting of a person to
commit such may be sentenced to a fine or a term of imprisonment not exceeding 5
years.
28. Section 87(1) of the ECT Act provides that: “A person who performs or threatens to
perform any of the acts described in section 86, for the purpose of obtaining any unlawful
proprietary advantage by undertaking to cease or desist from such action, or by
undertaking to restore any damage caused as a result of those actions, is guilty of an
offence.”
29. Section 87(2) of the ECT Act stated as follows: “A person who performs any of the acts
described in section 86 for the purpose of obtaining any unlawful advantage by causing
fake data to be produced with the intent that it be considered or acted upon as if it were
authentic, is guilty of an offence.”
30. Section 88(1) of the ECT Act criminalised an attempt to commit the offence. Similarly
section 88(2) criminalises the aiding and abetting to commit the offence as criminal
conduct.
31. Section 28 of the Constitution of the Republic of South Africa, Act 108 of 1996.
32. Section 27(1)(a) of the Films and Publications Act provides that a person shall be guilty
of an offence if he/she knowingly creates, produces, imports or is in possession of a
publication that contains a visual representation of child pornography. Section 27(1)(b)
provides that a person that knowingly creates, distributes, produces, imports or is in
possession of a film that contains a scene of child pornography shall be guilty of an
offence.
33. Section 30(1) of Act 65 of 1996.
34. The preamble to the Convention reads as follows: “Convinced of the need to pursue, as
a matter of priority, a common criminal policy aimed at the protection of society against
cybercrime, inter alia, by adopting appropriate legislation and fostering international co-
operation…” The Convention aims to harmonise laws in respect of cyber offences,
procedure, investigation and prosecution thereof.
35. Titterington, G Taking the battle to the e-criminals.
36. The State v Sipho Msomi, case number 41/1320/2006.
37. In these cases the perpetrator sends an electronic message to another person in which
certain misrepresentations are made, and in which the victim is requested to keep certain
32
37. CYBER CRIME IN SOUTH AFRICA
money in trust for the perpetrator. This usually includes a request for an advance or
administration fee in order to facilitate the transaction.
38. The Financial Intelligence Centre (FIC) was established under the FIC Act No. 38 of 2001
in February 2002. The FIC started receiving reports on suspicious and unusual
transactions on 3 February 2003. The FIC Act is the result of 5 years of investigation and
development. It complements and works with the Prevention of Organised Crime Act, No.
121 of 1998 which contains the substantive money laundering offences.
39. Knowing your client (KYC) is also becoming more imperative by the day: Business and
government departments alike can learn much from the banking sector where rigorous
process of client acceptance has been at the order of the day. This practice is to guard
not only against criminal syndicates infiltrating your business/government department but
also to identify and prevent opportunities for money-laundering.
40. Charney, S Combating Cybercrime: A Public-Private Strategy in the Digital Environment.
41. Grabosky and Broadhurst (2005)(as referred to in Broadhurst, R Developments in the
global law enforcement of cyber crime), also provide a very useful framework for
effective regional cooperation to facilitate the combating of cyber crime. It includes the
following basic elements:
Improve security awareness by providing adequate resources to secure transactions and
equip system operators and administrators.
Improve coordination and collaboration by enabling systematic exchanges between the
private sector and law enforcement including joint operations.
Take steps to ensure that technology does not outpace the ability of law enforcement to
investigate and enact substantive and procedural laws adequate to cope with current and
anticipated manifestations of cyber crime.
Broadly criminalise the conduct (including juvenile offenders) and focus on all violators big
and small.
Strengthen international initiatives by updating existing treaties and agreements to
recognise the existence, threats and transnational nature of high tech computer-related
crimes and strive for legal harmonisation.
The development of forensic computing skills by law enforcement and investigative
personnel and mechanisms for operational cooperation between law enforcement
agencies from different countries, i.e. 24/7 points of contact for investigators.
33